Network and Storage Protocols

export-policy rule for root volume

StefanN
3,002 Views

Which recommended export-policy rules shall I provide for a root volume on a CDOT-Vserver, to give on one hand other volumes arbitrary export-policys and on the other hand prevent unwanted access via the /-path?

1 ACCEPTED SOLUTION

marcusgross
2,982 Views

Hi,

 

we use this to prevent writing to the root volume but allow reading and traversing it to the junction:

 

Policy Name: default
Rule Index: 1
Access Protocol: nfs3
Client Match Hostname, IP Address, Netgroup, or Domain: <your whole network>
RO Access Rule: none
RW Access Rule: never
Superuser Security Types: none
Honor SetUID Bits in SETATTR: true
Allow Creation of Devices: true

 

Marcus

View solution in original post

1 REPLY 1

marcusgross
2,983 Views

Hi,

 

we use this to prevent writing to the root volume but allow reading and traversing it to the junction:

 

Policy Name: default
Rule Index: 1
Access Protocol: nfs3
Client Match Hostname, IP Address, Netgroup, or Domain: <your whole network>
RO Access Rule: none
RW Access Rule: never
Superuser Security Types: none
Honor SetUID Bits in SETATTR: true
Allow Creation of Devices: true

 

Marcus

Public